Tag Archives: Recovery

Using data and IBM AI to make coronavirus economic predictions

Global digital marketing firm Wunderman Thompson launched its Risk, Readiness and Recovery map, an interactive platform that helps enterprises and governments make market-level decisions, amid the coronavirus pandemic.

The platform, released May 21, uses Wunderman Thompson’s data, as well as machine learning technology from IBM Watson, to predict state and local government COVID-19 preparedness and estimated economic recovery timetables for businesses and governments.

Building a platform

The idea for the Risk, Readiness and Recovery map, a free version of which is available on Wunderman Thompson’s website, originated two months ago as the global pandemic accelerated, said Adam Woods, CTO at Wunderman Thompson Data.

“We were looking at some of the visualizations that were coming in around COVID-19, and we were inspired to really say, let’s look at the insight that we have and see if that can make a difference,” Woods said.

A global marketing subsidiary of British multinational communications firm WPP plc, Wunderman Thompson has collected thousands of data elements on 270 million people in the U.S, including transaction, demographic and health data. That data, which is anonymized, led the company to understand the potential economic impact of the coronavirus quickly.

“We’ve seen the economic damage that this has caused, and we see that because we have access into really deep transactional data,” Woods said. “We were able to watch the ball drop almost in real time.”

We’re focusing on “how do we help brands that we work with really understand the right response and the way they should reopen their operations,” he said.

Wunderman Thompson, Risk, Readiness, Recovery
Wunderman Thompson’s Risk, Readiness and Recovery tool uses IBM Watson.

Wunderman Thompson Data, the technology arm of the company, developed the interactive Risk, Readiness and Recovery platform using that data.

Machine learning technology from IBM Watson proved to be an integral part of the platform.

Two data-centered companies

Wunderman Thompson Data started working with IBM Watson about a year ago. Wunderman Thompson Data had a data lake and consolidated data did not have modern tools to build machine learning models, Woods said.

So, the firm looked at the products from several different data science and AI vendors before settling on IBM.

We were able to watch the ball drop almost in real time.
Adam WoodsCTO of Wunderman Thompson Data

IBM provided a scalable system to help with Wunderman Thompson’s data science problem using Watson Studio, a machine learning-as-a-service platform with tools for data preparation, drag-and-drop machine learning model building and data visualization.

“They are very confident in their ability to work a problem at this scale,” Woods said, adding that Wunderman Thompson Data has about 20,000 different features it can bring into a machine learning model.

“We can do really fast, high-quality model understanding with those tools,” he said.

Wunderman Thompson Data brought in IBM’s Data Science Elite Team, a consultancy that works with customers to tackle AI- and analytics-related use cases, to set up a rapid growth testing model.

“Organically, we knew these were the right things to do, but we just didn’t have a way to get the project done,” Woods said.

The IBM and Wunderman Thompson partnership eventually powered the Risk, Readiness and Recovery platform, which uses Wunderman Thompson’s data and machine learning models built with IBM Watson Studio.

Risk, Readiness and Recovery

The platform, as the name suggests, focuses on three areas:

  1. Risk. Health conditions, COVID-19 and census.
  2. Readiness. Health support within communities.
  3. Recovery. The impact of COVID-19 on the economy.

Risk identifies how much a given local government organization or zip code area in the U.S. is at risk from COVID-19. Readiness, meanwhile, identifies how prepared an area is by looking at its hospital and intensive care unit availability, and Recovery identifies how economically affected local areas are, how fast they might recover and when they might return to normal.

Wunderman Thompson Data is selling the tool to state and local governments, as well as to enterprise customers.

“We’ve been able to really quickly look at this [data] and bring it to a position …to help brands in a highly localized way,” Woods said.

As the economic fallout and, in some places, recovery from the worst of the pandemic continues, it’s going to be on a “vastly different county and county basis, and we can see that in the data,” Woods said.

Go to Original Article
Author:

RTO and RPO: Understanding Disaster Recovery Times

You will focus a great deal of your disaster recovery planning (and rightly so) on the data that you need to capture. The best way to find out if your current strategy does this properly is to try our acid test. However, backup coverage only accounts for part of a proper overall plan. Your larger design must include a thorough model of recovery goals, specifically Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Ideally, a restore process would contain absolutely everything. Practically, expect that to never happen. This article explains the risks and options of when and how quickly operations can and should resume following systems failure.

Table of Contents

Disaster Recovery Time in a Nutshell

What is Recovery Time Objective?

What is Recovery Point Objective?

Challenges Against Short RTOs and RPOs

RTO Challenges

RPO Challenges

Outlining Organizational Desires

Considering the Availability and Impact of Solutions

Instant Data Replication

Short Interval Data Replication

Ransomware Considerations for Replication

Short Interval Backup

Long Interval Backup

Ransomware Considerations for Backup

Using Multiple RTOs and RPOs

Leveraging Rotation and Retention Policies

Minimizing Rotation Risks

Coalescing into a Disaster Recovery Plan

Disaster Recovery Time in a Nutshell

If a catastrophe strikes that requires recovery from backup media, most people will first ask: “How long until we can get up and running?” That’s an important question, but not the only time-oriented problem that you face. Additionally, and perhaps more importantly, you must ask the question: “How much already-completed operational time can we afford to lose?” The business-continuity industry represents the answers to those question in the acronyms RTO and RPO, respectively.

What is Recovery Time Objective?

Your Recovery Time Objective (RTO) sets the expectation for the answer to, “How long until we can get going again?” Just break the words out into a longer sentence: “It is the objective for the amount of time between the data loss event and recovery.”

Recovery Time Objective RTO

Of course, we would like to make all of our recovery times instant. But, we also know that will not happen. So, you need to decide in advance how much downtime you can tolerate, and strategize accordingly. Do not wait until the midst of a calamity to declare, “We need to get online NOW!” By that point, it will be too late. Your organization needs to build up those objectives in advance. Budgets and capabilities will define the boundaries of your plan. Before we investigate that further, let’s consider the other time-based recovery metric.

What is Recovery Point Objective?

We don’t just want to minimize the amount of time that we lose; we also want to minimize the amount of data that we lose. Often, we frame that in terms of retention policies — how far back in time we need to be able to access. However, failures usually cause a loss of systems during run time. Unless all of your systems continually duplicate data as it enters the system, you will lose something. Because backups generally operate on a timer of some sort, you can often describe that potential loss in a time unit, just as you can with recovery times. We refer to the maximum total acceptable amount of lost time as a Recovery Point Objective (RPO).

Recovery Point Objective RPO

As with RTOs, shorter RPOs are better. The shorter the amount of time since a recovery point, the less overall data lost. Unfortunately, reduced RPOs take a heavier toll on resources. You will need to balance what you can achieve against what your business units want. Allow plenty of time for discussions on this subject.

Challenges Against Short RTOs and RPOs

First, you need to understand what will prevent you from achieving instant RTOs and RPOs. More importantly, you need to ensure that the critical stakeholders in your organization understand it. These objectives mean setting reasonable expectations for your managers and users at least as much as they mean setting goals for your IT staff.

RTO Challenges

We can define a handful of generic obstacles to quick recovery times:

  • Time to acquire, configure, and deploy replacement hardware
  • Effort and time to move into new buildings
  • Need to retrieve or connect to backup media and sources
  • Personnel effort
  • Vendor engagement

You may also face some barriers specific to your organization, such as:

  • Prerequisite procedures
  • Involvement of key personnel
  • Regulatory reporting

Make sure to clearly document all known conditions that add time to recovery efforts. They can help you to establish a recovery checklist. When someone requests a progress report during an outage, you can indicate the current point in the documentation. That will save you time and reduce frustration.

RPO Challenges

We could create a similar list for RPO challenges as we did for RTO challenges. Instead, we will use one sentence to summarize them all: “The backup frequency establishes the minimum RPO”. In order to take more frequent backups, you need a fast backup system with adequate amounts of storage. So, your ability to bring resources to bear on the problem directly impacts RPO length. You have a variety of solutions to choose from that can help.

Outlining Organizational Desires

Before expending much effort figuring out what you can do, find out what you must do. Unless you happen to run everything, you will need input from others. Start broadly with the same type of questions that we asked above: “How long can you tolerate downtime during recovery?” and “How far back from a catastrophic event can you re-enter data?” Explain RTOs and RPOs. Ensure that everyone understands that RPO means recent a loss of recent data, not long-term historical data.

These discussions may require a fair bit of time and multiple meetings. Suggest that managers work with their staff on what-if scenarios. They can even simulate operations without access to systems. For your part, you might need to discover the costs associated with solutions that can meet different RPO and RTO levels. You do not need to provide exact figures, but you should be ready and able to answer ballpark questions. You should also know the options available at different spend levels.

Considering the Availability and Impact of Solutions

To some degree, the amount that you spend controls the length of your RTOs and RPOs. That has limits; not all vendors provide the same value per dollar spent. But, some institutions set out to spend as close to nothing as possible on backup. While most backup software vendors do offer a free level of their product, none of them makes their best features available at no charge. Organizations that try to spend nothing on their backup software will have high RTOs and RPOs and may encounter unexpected barriers. Even if you find a free solution that does what you need, no one makes storage space and equipment available for free. You need to find a balance between cost and capability that your company can accept.

To help you understand your choices, we will consider different tiers of data protection.

Instant Data Replication

For the lowest RPO, only real-time replication will suffice. In real-time replication, every write to live storage is also written to backup storage. You can achieve this many ways, but the most reliable involve dedicated hardware. You will spend a lot, but you can reduce your RPO to effectively zero. Even a real-time replication system can drop active transactions, so never expect a complete shield against data loss.

Real-time replication systems have a very high associated cost. For the most reliable protection, they will need to span geography as well. If you just replicate to another room down the hall and a fire destroys the entire building, your replication system will not save you. So, you will need multiple locations, very high speed interconnects, and capable storage systems.

Short Interval Data Replication

If you can sustain a few minutes of lost information, then you usually find much lower price tags for short-interval replication technology. Unlike real-time replication, software can handle the load of delayed replication, so you will find more solutions. As an example, Altaro VM Backup offers Continuous Data Protection (CDP), which cuts your RPO to as low as five minutes.

As with instant replication, you want your short-interval replication to span geographic locations if possible. But, you might not need to spend as much on networking, as the delays in transmission give transfers more time to complete.

Ransomware Considerations for Replication

You always need to worry about data corruption in replication. Ransomware adds a new twist but presents the same basic problem. Something damages your real-time data. None-the-wiser, your replication system makes a faithful copy of that corrupted data. The corruption or ransomware has turned both your live data and your replicated data into useless jumbles of bits.

Anti-malware and safe computing practices present your strongest front-line protection against ransomware. However, you cannot rely on them alone. The upshot: you cannot rely on replication systems alone for backup. A secondary implication: even though replication provides very short RPOs, you cannot guarantee them.

Short Interval Backup

You can use most traditional backup software in short intervals. Sometimes, those intervals can be just, or nearly, as short as short-term replication intervals. The real difference between replication and backup is the number of possible copies of duplicated data. Replication usually provides only one copy of live data — perhaps two or three at the most — and no historical copies. Backup programs differ in how many unique simultaneous copies that they will make, but all will make multiple historical copies. Even better, historical copies can usually exist offline.

You do not need to set a goal of only a few minutes for short interval backups. To balance protection and costs, you might space them out in terms of hours. You can also leverage delta, incremental, and differential backups to reduce total space usage. Sometimes, your technologies have built-in solutions that can help. As an example, SQL administrators commonly use transaction log backups on a short rotation to make short backups to a local disk. They perform a full backup each night that their regular backup system captures. If a failure occurs during the day that does not wipe out storage, they can restore the previous night’s full backup and replay the available transaction log backups.

Long Interval Backup

At the “lowest” tier, we find the oldest solution: the reliable nightly backup. This usually costs the least in terms of software licenses and hardware. Perhaps counter-intuitively, it also provides the most resilient solution. With longer intervals, you also get longer-term storage choices. You get three major benefits from these backups: historical data preservation, protection against data corruption, and offline storage. We will explore each in the upcoming sections.

Ransomware Considerations for Backup

Because we use a backup to create distinct copies, it has some built-in protection against data corruption, including ransomware. As long as the ransomware has no access to a backup copy, it cannot corrupt that copy. First and foremost, that means that you need to maintain offline backups. Replication requires essentially constant continuity to its replicas, so only backup can work under this restriction. Second, it means that you need to exercise caution around restores when you execute restore procedures. Some ransomware authors have made their malware aware of several common backup applications, and they will hijack it to corrupt backups whenever possible. You can only protect your offline data copies by attaching them to known-safe systems.

Using Multiple RTOs and RPOs

You will need to structure your systems into multiple RTO and RPO categories. Some outages will not require much time to recover from. Some will require different solutions. For instance, even though we tend to think primarily in terms of data during disaster recovery planning, you must consider equipment as well. For instance, if your sales division prints its own monthly flyers and you lose a printer, then you need to establish, RTOs, RPOs, downtime procedures, and recovery processes just for those print devices.

You also need to establish multiple levels for your data, especially when you have multiple protection systems. For example, if you have both replication and backup technologies in operation, then you will set one RPO/RTO value for times when the replication works, and RTO/RPO values for when you must resort to long-term backup. That could happen due to ransomware or some other data corruption event, but it can also happen if someone accidentally deletes something important.

To start this planning, establish “Best Case” and “Worst Case” plans and processes for your individual systems.

Leveraging Rotation and Retention Policies

For your final exercise in time-based disaster recovery designs, we will look at rotation and retention policies. “Rotation” comes from the days of tape backups, when we would decide how often to overwrite old copies of data. Now that high-capacity external disks have reached a low-cost point, many businesses have moved away from tape. You may not overwrite media anymore, or at least not at the same frequency. Retention policies dictate how long you must retain at least one copy of a given piece of information. These two policies directly relate to each other.

Backup Rotation and Retention

In today’s terms, think of “rotation” more in terms of unique copies of data. Backup systems have used “differential” and “incremental” backups for a very long time. The former is a complete record of changes since the last full backup; the latter is a record of changes since the last backup of any kind. Newer backup copies have “delta” and deduplication capabilities. A “delta” backup operates like a differential or incremental backup, but within files or blocks. Deduplication keeps only one copy of a block of bits, regardless of how many times it appears within an entire backup set. These technologies reduce backup time and storage space needs… at a cost.

Minimizing Rotation Risks

All of these speed-enhancing and space-reducing improvements have one major cost: they reduce the total number of available unique backup copies. As long as nothing goes wrong with your media, then this will never cause you a problem. However, if one of the full backups suffer damage, then that invalidates all dependent partial backups. You must balance the number of full backups that you take against the amount of time and bandwidth necessary to capture them.

As one minimizing strategy, target your full backup operations to occur during your organization’s quietest periods. If you do not operate 24 hours per day, that might allow for nightly full backups. If you have low volume weekends, you might take full backups on Saturdays or Sundays. You can intersperse full backups on holidays.

Coalescing into a Disaster Recovery Plan

As you design your disaster recovery plan, review the sections in this article as necessary. Remember that all operations require time, equipment, and personnel. Faster backup and restore operations always require a trade-off of expense and/or resilience. Modest lengthening of allowable RTOs and RPOs can result in major cost and effort savings. Make certain that the key members of your organization understand how all of these numbers will impact them and their operations during an outage.

If you need some help defining RTO and RPO in your organization, let me know in the comments section below and I will help you out!


Go to Original Article
Author: Eric Siron

Datrium opens cloud DR service to all VMware users

Datrium plans to open its new cloud disaster recovery as a service to any VMware vSphere users in 2020, even if they’re not customers of Datrium’s DVX infrastructure software.

Datrium released disaster recovery as a service with VMware Cloud on AWS in September for DVX customers as an alternative to potentially costly professional services or a secondary physical site. DRaaS enables DVX users to spin up protected virtual machines (VMs) on demand in VMware Cloud on AWS in the event of a disaster. Datrium takes care of all of the ordering, billing and support for the cloud DR.

In the first quarter, Datrium plans to add a new Datrium DRaaS Connect for VMware users who deploy vSphere infrastructure on premises and do not use Datrium storage. Datrium DraaS Connect software would deduplicate, compress and encrypt vSphere snapshots and replicate them to Amazon S3 object storage for cloud DR. Users could set backup policies and categorize VMs into protection groups, setting different service-level agreements for each one, Datrium CTO Sazzala Reddy said.

A second Datrium DRaaS Connect offering will enable VMware Cloud users to automatically fail over workloads from one AWS Availability Zone (AZ) to another if an Amazon AZ goes down. Datrium stores deduplicated vSphere snapshots on Amazon S3, and the snapshots replicated to three AZs by default, Datrium chief product officer Brian Biles said.

Speedy cloud DR

Datrium claims system recovery can happen on VMware Cloud within minutes from the snapshots stored in Amazon S3, because it requires no conversion from a different virtual machine or cloud format. Unlike some backup products, Datrium does not convert VMs from VMware’s format to Amazon’s format and can boot VMs directly from the Amazon data store.

“The challenge with a backup-only product is that it takes days if you want to rehydrate the data and copy the data into a primary storage system,” Reddy said.

Although the “instant RTO” that Datrium claims to provide may not be important to all VMware users, reducing recovery time is generally a high priority, especially to combat ransomware attacks. Datrium commissioned a third party to conduct a survey of 395 IT professionals, and about half said they experienced a DR event in the last 24 months. Ransomware was the leading cause, hitting 36% of those who reported a DR event, followed by power outages (26%).

The Orange County Transportation Authority (OCTA) information systems department spent a weekend recovering from a zero-day malware exploit that hit nearly three years ago on a Thursday afternoon. The malware came in through a contractor’s VPN connection and took out more than 85 servers, according to Michael Beerer, a senior section manager for online system and network administration of OCTA’s information systems department.

Beerer said the information systems team restored critical applications by Friday evening and the rest by Sunday afternoon. But OCTA now wants to recover more quickly if a disaster should happen again, he said.

OCTA is now building out a new data center with Datrium DVX storage for its VMware VMs and possibly Red Hat KVM in the future. Beerer said DVX provides an edge in performance and cost over alternatives he considered. Because DVX disaggregates storage and compute nodes, OCTA can increase storage capacity without having to also add compute resources, he said.

Datrium cloud DR advantages

Beerer said the addition of Datrium DRaaS would make sense because OCTA can manage it from the same DVX interface. Datrium’s deduplication, compression and transmission of only changed data blocks would also eliminate the need for a pricy “big, fat pipe” and reduce cloud storage requirements and costs over other options, he said. Plus, Datrium facilitates application consistency by grouping applications into one service and taking backups at similar times before moving data to the cloud, Beerer said.

Datrium’s “Instant RTO” is not critical for OCTA. Beerer said anything that can speed the recovery process is interesting, but users also need to weigh that benefit against any potential additional costs for storage and bandwidth.

“There are customers where a second or two of downtime can mean thousands of dollars. We’re not in that situation. We’re not a financial company,” Beerer said. He noted that OCTA would need to get critical servers up and running in less than 24 hours.

Reddy said Datrium offers two cost models: a low-cost option with a 60-minute window and a “slightly more expensive” option in which at least a few VMware servers are always on standby.

Pricing for Datrium DRaaS starts at $23,000 per year, with support for 100 hours of VMware Cloud on-demand hosts for testing, 5 TB of S3 capacity for deduplicated and encrypted snapshots, and up to 1 TB per year of cloud egress. Pricing was unavailable for the upcoming DRaaS Connect options.

Other cloud DR options

Jeff Kato, a senior storage analyst at Taneja Group, said the new Datrium options would open up to all VMware customers a low-cost DRaaS offering that requires no capital expense. He said most vendors that offer DR from their on-premises systems to the cloud force customers to buy their primary storage.

George Crump, president and founder of Storage Switzerland, said data protection vendors such as Commvault, Druva, Veeam, Veritas and Zerto also can do some form of recovery in the cloud, but it’s “not as seamless as you might want it to be.”

“Datrium has gone so far as to converge primary storage with data protection and backup software,” Crump said. “They have a very good automation engine that allows customers to essentially draw their disaster recovery plan. They use VMware Cloud on Amazon, so the customer doesn’t have to go through any conversion process. And they’ve solved the riddle of: ‘How do you store data in S3 but recover on high-performance storage?’ “

Scott Sinclair, a senior analyst at Enterprise Strategy Group, said using cloud resources for backup and DR often means either expensive, high-performance storage or lower cost S3 storage that requires a time-consuming migration to get data out of it.

“The Datrium architecture is really interesting because of how they’re able to essentially still let you use the lower cost tier but make the storage seem very high performance once you start populating it,” Sinclair said.

Go to Original Article
Author:

Recovering from ransomware soars to the top of DR concerns

The rise of ransomware has had a significant effect on modern disaster recovery, shaping the way we protect data and plan a recovery. It does not bring the same physical destruction of a natural disaster, but the effects within an organization — and on its reputation — can be lasting.

It’s no wonder that recovering from ransomware has become such a priority in recent years.

It’s hard to imagine a time when ransomware wasn’t a threat, but while cyberattacks date back as far as the late 1980s, ransomware in particular has had a relatively recent rise in prominence. Ransomware is a type of malware attack that can be carried out in a number of ways, but generally the “ransom” part of the name comes from one of the ways attackers hope to profit from it. The victim’s data is locked, often behind encryption, and held for ransom until the attacker is paid. Assuming the attacker is telling the truth, the data will be decrypted and returned. Again, this assumes that the anonymous person or group that just stole your data is being honest.

“Just pay the ransom” is rarely the first piece of advice an expert will offer. Not only do you not know if payment will actually result in your computer being unlocked, but developments in backup and recovery have made recovering from ransomware without paying the attacker possible. While this method of cyberattack seems specially designed to make victims panic and pay up, doing so does not guarantee you’ll get your data back or won’t be asked for more money.

Disaster recovery has changed significantly in the 20 years TechTarget has been covering technology news, but the rapid rise of ransomware to the top of the potential disaster pyramid is one of the more remarkable changes to occur. According to a U.S. government report, by 2016 4,000 ransomware attacks were occurring daily. This was a 300% increase over the previous year. Ransomware recovery has changed the disaster recovery model, and it won’t be going away any time soon. In this brief retrospective, take a look back at the major attacks that made headlines, evolving advice and warnings regarding ransomware, and how organizations are fighting back.

In the news

The appropriately named WannaCry ransomware attack began spreading in May 2017, using an exploit leaked from the National Security Agency targeting Windows computers. WannaCry is a worm, which means that it can spread without participation from the victims, unlike phishing attacks, which require action from the recipient to spread widely.

Ransomware recovery has changed the disaster recovery model, and it won’t be going away any time soon.

How big was the WannaCry attack? Affecting computers in as many as 150 countries, WannaCry is estimated to have caused hundreds of millions of dollars in damages. According to cyber risk modeling company Cyence, the total costs associated with the attack could be as high as $4 billion.

Rather than the price of the ransom itself, the biggest issue companies face is the cost of being down. Because so many organizations were infected with the WannaCry virus, news spread that those who paid the ransom were never given the decryption key, so most victims did not pay. However, many took a financial hit from the downtime the attack caused. Another major attack in 2017, NotPetya, cost Danish shipping giant A.P. Moller-Maersk hundreds of millions of dollars. And that’s just one victim.

In 2018, the city of Atlanta’s recovery from ransomware ended up costing more than $5 million, and shut down several city departments for five days. In the Matanuska-Susitna borough of Alaska in 2018, 120 of 150 servers were affected by ransomware, and the government workers resorted to using typewriters to stay operational. Whether it is on a global or local scale, the consequences of ransomware are clear.

Ransomware attacks
Ransomware attacks had a meteoric rise in 2016.

Taking center stage

Looking back, the massive increase in ransomware attacks between 2015 and 2016 signaled when ransomware really began to take its place at the head of the data threat pack. Experts not only began emphasizing the importance of backup and data protection against attacks, but planning for future potential recoveries. Depending on your DR strategy, recovering from ransomware could fit into your current plan, or you might have to start considering an overhaul.

By 2017, the ransomware threat was impossible to ignore. According to a 2018 Verizon Data Breach Report, 39% of malware attacks carried out in 2017 were ransomware, and ransomware had soared from being the fifth most common type of malware to number one.

Verizon malware report
According to the 2018 Verizon Data Breach Investigations Report, ransomware was the most prevalent type of malware attack in 2017.

Ransomware was not only becoming more prominent, but more sophisticated as well. Best practices for DR highlighted preparation for ransomware, and an emphasis on IT resiliency entered backup and recovery discussions. Protecting against ransomware became less about wondering what would happen if your organization was attacked, and more about what you would do when your organization was attacked. Ransomware recovery planning wasn’t just a good idea, it was a priority.

As a result of the recent epidemic, more organizations appear to be considering disaster recovery planning in general. As unthinkable as it may seem, many organizations have been reluctant to invest in disaster recovery, viewing it as something they might need eventually. This mindset is dangerous, and results in many companies not having a recovery plan in place until it’s too late.

Bouncing back

While ransomware attacks may feel like an inevitability — which is how companies should prepare — that doesn’t mean the end is nigh. Recovering from ransomware is possible, and with the right amount of preparation and help, it can be done.

The modern backup market is evolving in such a way that downtime is considered practically unacceptable, which bodes well for ransomware recovery. Having frequent backups available is a major element of recovering, and taking advantage of vendor offerings can give you a boost when it comes to frequent, secure backups.

Vendors such as Reduxio, Nasuni and Carbonite have developed tools aimed at ransomware recovery, and can have you back up and running without significant data loss within hours. Whether the trick is backdating, snapshots, cloud-based backup and recovery, or server-level restores, numerous tools out there can help with recovery efforts. Other vendors working in this space include Acronis, Asigra, Barracuda, Commvault, Datto, Infrascale, Quorum, Unitrends and Zerto.

Along with a wider array of tech options, more information about ransomware is available than in the past. This is particularly helpful with ransomware attacks, because the attacks in part rely on the victims unwittingly participating. Whether you’re looking for tips on protecting against attacks or recovering after the fact, a wealth of information is available.

The widespread nature of ransomware is alarming, but also provides first-hand accounts of what happened and what was done to recover after the attack. You may not know when ransomware is going to strike, but recovery is no longer a mystery.

Go to Original Article
Author:

Gen 8 Unitrends appliances span SMB to enterprise

Unitrends upgraded and expanded its flagship Recovery Series data protection appliances, increasing disk density and adding options to help support customers ranging from SMBs to enterprises.

The new Gen 8 Unitrends appliances run Unitrends Backup version 10.2, the company’s latest backup software. The appliances also have a “self-healing storage” feature, which uses cloud-based analytics to monitor and automatically fix hardware anomalies before they turn into full-blown failures. If necessary, the appliance will notify the customer and automatically open a support ticket.

Unitrends’ new line of backup appliances features a wider range of models than the previous Recovery Series generation launched in October 2016. The Gen 8 platform includes 15 models, ranging from 2 TB to 120 TB usable capacity, although Unitrends dropped its 180 TB model in Gen 8. Gen 8 Unitrends appliances have added 12 TB capacity drives.

The new models include six 1U appliances for SMB and remote offices, two 1U and three 2U midsize appliances, and four 2U enterprise systems.

Joe Noonan, vice president of product management and marketing at Unitrends, explained that the previous appliance storage sizes weren’t fitting all the needs of the broad market Unitrends plays in.

By having such a broad market to go after, we needed to make it as easy as possible to buy and fit the budget needs of our end users.
Joe Noonanvice president of product management and marketing, Unitrends

“Unitrends does play in the enterprise, we play in the midmarket, and we even have some play in the SMB space,” Noonan said. “By having such a broad market to go after, we needed to make it as easy as possible to buy and fit the budget needs of our end users.”

Pricing for the new Unitrends appliances ranges from $2,749 for the 2 TB 8002 model to $97,999 for the 120 TB 8120S with Enterprise Plus software. Noonan said the price per useable TB had gone up 10% over the previous models. However, he said greater choice can reduce the cost for some midrange customers “because we filled in those gaps so that there was a better model to meet their needs and they didn’t have to buy something too big.”

Unitrends appliance
Latest Unitrends Recovery Series appliances include 12 TB drives for greater density.

Unitrends recently merged with Kaseya, but Noonan pointed out that Unitrends remains independent. “We maintained our management structure, we maintained our CEO; our channel remains the same,” he said.

Unitrends sells backup software separately or integrated on appliances. Its product portfolio also includes VMware Backup Essentials virtual backup appliances and Boomerang for VMware software that replicates to public clouds for disaster recovery.

With pieces on so many playing fields, Unitrends runs into a lot of competition. Noonan sees Barracuda as the biggest backup competitor for Unitrends appliances, but also lists Data Domain, Rubrik and Veeam as hardware or software competitors. He said Unitrends tries to stand out by offering a complete on-premises-to-cloud package. “That combination, being able to fit a very well-priced solution that is very low-maintenance because it’s a full box, you’re not stitching that together yourself, and then offering a wide array of disaster recovery options; we’re able to constantly fill gaps as you go along on that disaster recovery story all the way through to the cloud.”

Iron Mountain data recovery adds ransomware protection

Iron Mountain data recovery wants to perform “CPR” on organizations that get hit with ransomware.

The Iron Cloud Critical Protection and Recovery (CPR), set to launch this month, isolates data, disconnecting it from a network. It provides a “cleanroom” to recover data, in the event of an attack, and ensures that ransomware is out of the system.

“Every business is really data-driven today,” said Pete Gerr, senior product manager at Iron Mountain, which is based in Boston. “Data is their most valuable asset.”

Legacy backup and disaster recovery “really weren’t built for the modern threat environment,” and isolated recovery offers the best protection against ransomware, Gerr said.

Ransomware continues to get smarter and remains a prevalent method of cyberattack. Phil Goodwin, research director of storage systems and software at IDC, said the majority of risks for organizations’ data loss involve malware and ransomware. “It’s not a matter of if they’re going to get hit, it’s a matter of when,” Goodwin said.

That’s caused many organizations to proactively tackle the problem with ransomware-specific products

“It’s moved from a backroom discussion to the boardroom,” Gerr said.

Iron Mountain data recovery gets ‘clean’

Iron Cloud CPR features Iron Mountain’s Virtual Cleanroom, a dedicated computing environment hosted within Iron Cloud data centers that provides an air gap. The cleanroom serves as an offline environment where customers can recover backups stored within the secure CPR vault. Then customers can use data forensic utilities or a designated security provider to audit and validate that restored data sets are free from viruses and remediate them if necessary.

It’s moved from a backroom discussion to the boardroom.
Pete Gerrsenior product manager, Iron Mountain

Customers then use Iron Mountain data recovery to restore selected sets back to their production environment or another site.

“The last thing we want to do is recover a backup set … that reinfects your environment,” Gerr said.

The air gap, which ensures that ransomware does not touch a given data set, can also be found in such media as tape storage that is disconnected from the network.

Goodwin cautioned that the CPR product should complement an organization’s backup and recovery platform, not replace it.

“It will fit well with what the customer has,” he said.

Iron Cloud CPR also includes a managed service for organizations using Dell EMC’s Cyber Recovery for ransomware recovery. Hosted in Iron Mountain’s data centers, Iron Cloud CPR for Dell EMC Cyber Recovery on Data Domain enables customers to isolate critical data off site for protection against attacks, using a cloud-based monthly subscription model.

CPR is part of the Iron Cloud data management portfolio, which was built using Virtustream’s xStream Cloud Management Platform. The portfolio also includes backup, archive and disaster recovery services.

Both Iron Cloud CPR offerings are fully managed services and work without any other products, Gerr said. They will be available as part of Dell EMC and Virtustream’s data protection portfolios.

Iron Mountain, which claims more than 230,000 customers across its entire product line, said Iron Cloud CPR is expected to be generally available by the end of June. Several customers are working with the Iron Mountain data recovery product as early adopters.

A data replication strategy for all your disaster recovery needs

Meeting an organization’s disaster recovery challenges requires addressing problems from several angles based on specific recovery point and recovery time objectives. Today’s tight RTO and RPO expectations mean almost no data gets lost and no downtime.

To meet those expectations, businesses must move beyond backup and consider a data replication strategy. Modern replication products offer more than just a rapid disaster recovery copy of data, though. They can help with cloud migration, using the cloud as a DR site and even solving copy data challenges.

Replication software comes in two forms. One is integrated into a storage system, and the other is bought separately. Both have their strengths and weaknesses.

An integrated data replication strategy

The integrated form of replication has a few advantages. It’s often bundled at no charge or is relatively inexpensive. Of course, nothing in life is really free. The customer pays extra for the storage hardware in order to get the “free” software. In addition, at-scale, storage-based replication is relatively easy to manage. Most storage system replication works at a volume level, so one job replicates the entire volume, even if there are a thousand virtual machines on it. And finally, storage system-based replication is often backup-controlled, meaning the replication job can be integrated and managed by backup software.

There are, however, problems with a storage system-based data replication strategy. First, it’s specific to that storage system. Consequently, since most data centers use multiple storage systems from different vendors, they must also manage multiple replication products. Second, the advantage of replicating entire volumes can be a disadvantage, because some data centers may not want to replicate every application on a volume. Third, most storage system replication inadequately supports the cloud.

Stand-alone replication

IT typically installs stand-alone replication software on each host it’s protecting or implements it into the cluster in a hypervisor environment. Flexibility is among software-based replication’s advantages. The same software can replicate from any hardware platform to any other hardware platform, letting IT mix and match source and target storage devices. The second advantage is that software-based replication can be more granular about what’s replicated and how frequently replication occurs. And the third advantage is that most software-based replication offers excellent cloud support.

While backup software has improved significantly, tight RPOs and RTOs mean most organizations will need replication as well.

At a minimum, the cloud is used as a DR target for data, but it’s also used as an entire disaster recovery site, not just a copy. This means there can be instantiate virtual machines, using cloud compute in addition to cloud storage. Some approaches go further with cloud support, allowing replication across multiple clouds or from the cloud back to the original data center.

The primary downside of a stand-alone data replication strategy is it must be purchased, because it isn’t bundled with storage hardware. Its granularity also means dozens, if not hundreds of jobs, must be managed, although several stand-alone data replication products have added the ability to group jobs by type. Finally, there isn’t wide support from backup software vendors for these products, so any integration is a manual process, requiring custom scripts.

Modern replication features

Modern replication software should support the cloud and support it well. This requirement draws a line of suspicion around storage systems with built-in replication, because cloud support is generally so weak. Replication software should have the ability to replicate data to any cloud and use that cloud to keep a DR copy of that data. It should also let IT start up application instances in the cloud, potentially completely replacing an organization’s DR site. Last, the software should support multi-cloud replication to ensure both on-premises and cloud-based applications are protected.

Another feature to look for in modern replication is integration into data protection software. This capability can take two forms: The software can manage the replication process on the storage system, or the data protection software could provide replication. Several leading data protection products can manage snapshots and replication functions on other vendors’ storage systems. Doing so eliminates some of the concern around running several different storage system replication products.

Data protection software that integrates replication can either be traditional backup software with an added replication function or traditional replication software with a file history capability, potentially eliminating the need for backup software. It’s important for IT to make sure the capabilities of any combined product meets all backup and replication needs.

How to make the replication decision

The increased expectation of rapid recovery with almost no data loss is something everyone in IT will have to address. While backup software has improved significantly, tight RPOs and RTOs mean most organizations will need replication as well. The pros and cons of both an integrated and stand-alone data replication strategy hinge on the environment in which they’re deployed.

Each IT shop must decide which type of replication best meets its current needs. At the same time, IT planners must figure out how that new data replication product will integrate with existing storage hardware and future initiatives like the cloud.

One-click replication for Azure Virtual Machines with Azure Site Recovery

We are happy to announce that Azure Site Recovery (ASR) is now built into the virtual machine experience so that you can setup replication in one click for your Azure virtual machines. Combined with ASR’s one-click failover capabilities, its simpler than ever before to setup replication and test a disaster recovery scenario.

Using the one-click replication feature, now in public preview, is very simple. Just browse to your VM, select Disaster recovery, select the target region of your choice, review the settings and click Enable replication. That’s it – disaster recovery for your VM is configured. The target resource group, availability set, virtual network and storage accounts are auto-created based on your source VM configuration. You also have the flexibility to pick custom target settings. You can refer to the animation below for the flow.

vm-dr

If you have applications running on Azure IaaS virtual machines, your applications still have to meet compliance requirements. While the Azure platform already has built-in protection for localized hardware failures, you still need to safeguard your applications from major incidents. This includes catastrophic events such as hurricanes and earthquakes, or software glitches causing application downtime. Using Azure Site Recovery, you can have peace of mind knowing your business-critical applications running on Azure VMs are covered and without the expense of secondary infrastructure. Disaster recovery between Azure regions is available in all Azure regions where ASR is available. Get started with Azure Site Recovery today.

Related links and additional content

Zerto replication upgrade features faster AWS recovery

Zerto added faster recovery in Amazon Web Services in the latest version of its software as part of its plan for tighter integration with the market-leading public cloud.

With Zerto Virtual Replication 5.5, the DR software vendor promises its recovery in Amazon Web Services (AWS) will be three to five times faster than before. Recovery will typically take around 15 minutes, said Rob Strechay, senior vice president of product at Boston-based Zerto.

“It makes Amazon a much more viable recovery place,” Strechay said.

Strechay said Zerto uses its own intellectual property to improve recovery time objectives with AWS. Previous versions of Zerto Virtual Replication used official AWS APIs, which led to higher recovery time objectives.

Rob Strechay, Zerto senior vice president of productRob Strechay

Zerto has a goal of featuring replication out of AWS by next year. The vendor offers that failback capability out of Microsoft Azure in Zerto Virtual Replication 5.5, as previewed at ZertoCON in May.

Customers can fail back from Azure to another cloud target for data protection in a hybrid cloud. Since Zerto replication to Azure launched in November 2016, the vendor has received requests for the failback capability, which it now offers in partnership with Microsoft, Strechay said.

The business continuity and disaster recovery (BCDR) vendor also expanded support to AWS regions in Canada, Ohio, London and Mumbai, India.

Manufacturer scores with Zerto BCDR

It makes Amazon a much more viable recovery place.
Rob StrechayZerto’s senior vice president of product, on Zerto Virtual Replication 5.5

Logo Brands, a manufacturer of licensed sports goods in Franklin, Tenn., has used Zerto Virtual Replication for AWS for approximately two years after switching from Veeam Software. IT manager Tim Tweten said although he was happy with Veeam, Logo Brands switched because Zerto offered more business continuity in addition to disaster recovery.

Tweten said he likes how easy it is to fail over to AWS and, if necessary, leave a server running there. Though the company has not needed to recover any data yet, it has performed successful failover testing. Tweten said failback from AWS would be helpful.

The manufacturer sells items with team logos — such as chairs, tables and bags — for about 600 teams, including professional baseball, basketball, football and hockey clubs. It protects up to 7 TB through the Zerto replication product.

“Of all the software products we use, it’s probably easiest to manage [and] the easiest to trust that it’s working,” Tweten said of Virtual Replication. “It took a burden off of our backs.”

Zerto upgrades upgrade system, adds support

The Zerto replication upgrade became generally available Tuesday. Zerto claims about 5,000 customers.

The vendor has enhanced the upgrade process, making it more automatic and less error-prone, Strechay said. There is one upgrade process for all Zerto Virtual Replication components.

The process is not quite at the “push-button” level, but that’s a goal, Strechay said.

Other updates include:

  • Zerto Analytics, which provides real-time and historical information on the status of multisite, multicloud environments;
  • The Zerto Mobile Widget, which enables access to an environment’s health statistics without opening the full application; and
  • Support for vCenter 6.5, Hyper-V 2016 and SCVMM 2016.

Strechay said Zerto’s biggest advantage over legacy DR is its embrace of the cloud.

The Enterprise Cloud Edition of Zerto Virtual Replication 5.5 is priced at $985 per virtual machine.

Zerto has two software releases planned for 2018. Strechay said the vendor will continue to improve the simplicity of Zerto replication and focus on IT resiliency versus disaster recovery capabilities.

Reduce downtime with Azure Site Recovery service

The Azure Site Recovery service uses Microsoft’s cloud platform to prevent a halt in operations when issues arise. Azure Site Recovery moves workloads to and from different data centers — as well as both public and private clouds — to keep key services online and available.

What is Azure Site Recovery?

The Azure Site Recovery service has two elements:

  • The software and connections move VMs and services between two private data centers — either owned or rented by your organization — including Hyper-V and VMware VMs.
  • The Azure public cloud service acts as a data center stand-in and provides hot site disaster recovery capabilities. The Azure Site Recovery service also supports the hypervisors on Hyper-V and VMware vSphere. Azure Site Recovery does not work with the Xen hypervisor.

New Azure portal offers advanced management

At one time, administrators needed PowerShell to set up Azure Site Recovery  to use Azure Resource Manager style deployments. IT shops can now use the new Azure portal to set up a new Azure Site Recovery environment, including a recovery vault.

This update enables IT to specify different VM sizes within the same account and set up fine-grained access to each resource based on user roles. Only the new portal supports fresh deployments, but it also can manage and support any existing deployments that began via the “classic” portal.

How to set up Azure Site Recovery

In addition to an Azure subscription, the organization needs an Azure storage account that holds data replicated from on-premises servers.

Log into the new portal to create a Recovery Services vault inside the storage account. Select New > More Services > Monitoring + Management > Backup and Site Recovery (OMS) to create VMs with replicated data; these failed-over Azure VMs also need access to an Azure network.

VMware shops will need a local VM to run the configuration server role that coordinates the data and communication with Azure and also handles the data replication processes. This VM is the process server and functions as a replication gateway — it caches, compresses and encrypts replication data, then sends it to Azure. The process server discovers other VMs and adds them to a replication configuration. The configuration server also acts as the master target server, which handles the replication after a disaster concludes and roles shift from Azure back to the on-premises locations.

The Azure Site Recovery service also supports the hypervisors on Hyper-V and VMware vSphere. Azure Site Recovery does not work with the Xen hypervisor.

Windows and Hyper-V shops need either System Center Virtual Machine Manager in the on-premises environment to manage the VMs or the Site Recovery Provider that communicates with the service over the internet. They also must install the Recovery Services agent on non-Virtual Machine Manager hosts to manage data replication.

How does it work?

From there, the Azure Site Recovery service does most of the grunt work. It manages replication based on pre-programmed cycles of 1 minute, 2 minutes, 15 minutes and so on. After the initial seeding, Azure Site Recovery performs delta replication to save bandwidth. You can set up “exclude disks” to avoid replication of temporary files and page files.

Remember to set up a recovery plan that instructs the services where VMs go, on what schedule and in what order; this creates a recipe to follow if a disaster or business interruption occurs. You can then trigger a failback once the interruption concludes and return services to their normal operation and location.

Powered by WPeMatico